Authenticating Remote Server Hosts

Remote Secure Shell servers are authenticated by a public-key procedure. The user checks the fingerprint of the remote server's public key. When the user has approved the public key, it is stored in the user's $HOME/.ssh2/hostkeys directory and will be used automatically thereafter.

The verification step normally requires user interaction, so even for users that are set up to run client programs unattended, the first connection must be done by a person who logs in as the user, accesses the remote server, and goes through the fingerprint check dialog. The same steps must be repeated if the remote host's key is changed.

Caution: When ssh-keydist2 is run with the -a or -N options, it accepts the received host keys automatically without prompting the user. You should verify the validity of keys after receiving them or you risk being subject to a man-in-the-middle attack. To be able to verify the keys, you should use the plain host key storage format. See below.

When the host key is received during the first connection to a remote host (or when the host key has changed) and you choose to save the key, its filename is by default stored in hashed format, keys_hhh..., where hhh is a hash of the host port and name. The saved file contains a hash of the host's public key. A salt is included in the hash calculations. The value of the salt is stored in the file salt in the same directory as the host keys ($HOME/.ssh2/hostkeys). The hashed host key format is a security feature to make address harvesting on the hosts difficult.

In the plain (traditional) format, the name of a host key file includes the hosts's name and port, as in key_22_host.example.com.pub, and the file contains the host's public key in plaintext format.

The storage format can be controlled with the HostKeyFormat option of the ssh2_config configuration file. The argument must be plain or hashed (default).

HostKeyFormat plain

You can display the fingerprint of a received host key by running the following command: